AP 3600 can not join vWLC

Unanswered Question
Jan 27th, 2013

Hello,

I have no idea on why my AP 3600 can not join vWLC 7.3. From the log message on vWLC:

*spamApTask3: Jan 27 14:03:54.501: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.45.100

Here is the debug output of pm pki error , capwap error:


*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Request from 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Request from 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

*spamApTask3: Jan 27 13:16:30.394: 64:d9:89:47:c1:d0 Discovery Response sent to 192.168.45.100:25426

enable

(Cisco Controller) >debug capwap errors *spamApTask3: Jan 27 13:16:40.393: 64:d9:89:47:c1:d0 DTLS connection not found, creating new connection for 192:168:45:100 (25426) 192:168:45:18 (5246)

*spamApTask3: Jan 27 13:16:40.393: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: called to get cert for CID 108b5675

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetSshPrivateKeyFromCID: called to get key for CID 108b5675

*spamApTask3: Jan 27 13:16:40.394: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:16:40.394: sshpmGetSshPrivateKeyFromCID: match in row 2

*spamApTask3: Jan 27 13:16:40.416: 64:d9:89:47:c1:d0 DTLS connection was closed
*spamApTask3: Jan 27 13:16:40.417: 64:d9:89:47:c1:d0 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  192.168.45.100:25426)since DTLS session is not established

*spamApTask6: Jan 27 13:16:40.418: 64:d9:89:47:c1:d0 DTLS connection closed event receivedserver (192:168:45:18/5246) client (192:168:45:100/25426)
*spamApTask6: Jan 27 13:16:40.418: 64:d9:89:47:c1:d0 No entry exists for AP (192:168:45:100/25426)
enable

(Cisco Controller) >*spamApTask6: Jan 27 13:16:40.418: 64:d9:89:47:c1:d0 No AP entry exist in temporary database for 192.168.45.100:25426
*sshpmLscTask: Jan 27 13:17:35.881: sshpmLscTask: LSC Task received a message 4
*spamApTask3: Jan 27 13:17:45.394: 64:d9:89:47:c1:d0 DTLS connection not found, creating new connection for 192:168:45:100 (25426) 192:168:45:18 (5246)

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: called to get cert for CID 108b5675

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetSshPrivateKeyFromCID: called to get key for CID 108b5675

*spamApTask3: Jan 27 13:17:45.394: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:17:45.394: sshpmGetSshPrivateKeyFromCID: match in row 2

*spamApTask3: Jan 27 13:17:45.418: 64:d9:89:47:c1:d0 DTLS connection was closed
*spamApTask3: Jan 27 13:17:45.418: 64:d9:89:47:c1:d0 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  192.168.45.100:25426)since DTLS session is not established

*spamApTask6: Jan 27 13:17:45.418: 64:d9:89:47:c1:d0 DTLS connection closed event receivedserver (192:168:45:18/5246) client (192:168:45:100/25426)
*spamApTask6: Jan 27 13:17:45.418: 64:d9:89:47:c1:d0 No entry exists for AP (192:168:45:100/25426)
*spamApTask6: Jan 27 13:17:45.418: 64:d9:89:47:c1:d0 No AP entry exist in temporary database for 192.168.45.100:25426
*spamApTask3: Jan 27 13:18:50.395: 64:d9:89:47:c1:d0 DTLS connection not found, creating new connection for 192:168:45:100 (25426) 192:168:45:18 (5246)

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: called to get cert for CID 108b5675

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetSshPrivateKeyFromCID: called to get key for CID 108b5675

*spamApTask3: Jan 27 13:18:50.395: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*spamApTask3: Jan 27 13:18:50.395: sshpmGetSshPrivateKeyFromCID: match in row 2

*spamApTask3: Jan 27 13:18:50.416: 64:d9:89:47:c1:d0 DTLS connection was closed
*spamApTask3: Jan 27 13:18:50.417: 64:d9:89:47:c1:d0 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  192.168.45.100:25426)since DTLS session is not established

*spamApTask6: Jan 27 13:18:50.417: 64:d9:89:47:c1:d0 DTLS connection closed event receivedserver (192:168:45:18/5246) client (192:168:45:100/25426)
*spamApTask6: Jan 27 13:18:50.417: 64:d9:89:47:c1:d0 No entry exists for AP (192:168:45:100/25426)
*spamApTask6: Jan 27 13:18:50.417: 64:d9:89:47:c1:d0 No AP entry exist in temporary database for 192.168.45.100:25426

Any idea what is going on ?

Thanks,

An

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (5 ratings)
Leo Laohoo Sun, 01/27/2013 - 21:53

Post the following outputs:

1.  WLC:  sh sysinfo

2.  AP:  sh version;

3.  AP:  sh inventory

lean Sun, 01/27/2013 - 23:16

Sh sysinfor on vWLC:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.101.0
RTOS Version..................................... 7.3.101.0
Bootloader Version............................... 7.3.101.0
Emergency Image Version.......................... 7.3.101.0

Build Type....................................... DATA + WPS

System Name...................................... HCM-VWLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.45.18
System Up Time................................... 3 days 21 hrs 24 mins 12 secs
System Timezone Location......................... (GMT -8:00) Pacific Time (US and Canada)

Configured Country............................... VN  - Vietnam

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled

--More-- or (q)uit
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:0C:29:B7:94:4F
Maximum number of APs supported.................. 200

sh ver and sh invent on AP:

Vietnam3600#show version
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(2)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 23-Aug-12 02:29 by prod_rel_team

ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(23c)JY, RELEASE SOFTWARE (fc1)

Vietnam3600 uptime is 3 days, 21 hours, 21 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-xx.152-2.JA"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3602I-E-K9    (PowerPC) processor (revision B0) with 180214K/81920K bytes of memory.
Processor board ID FGL1552P05B
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.3.101.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 70:CA:9B:86:35:06
Part Number                          : 73-14521-01
PCA Assembly Number                  : 800-37501-01
PCA Revision Number                  : A0
PCB Serial Number                    : FOC15485FW3
Top Assembly Part Number             : 800-35852-02
Top Assembly Serial Number           : FGL1552P05B
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP3602I-E-K9  

Configuration register is 0xF

Vietnam3600#sh inventory

NAME: "AP3600", DESCR: "Cisco Aironet 3600 Series (IEEE 802.11n) Access Point"

PID: AIR-CAP3602I-E-K9 , VID: V01, SN: FGL1552P05B Vietnam3600#sh inventory
NAME: "AP3600", DESCR: "Cisco Aironet 3600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP3602I-E-K9 , VID: V01, SN: FGL1552P05B

Leo Laohoo Sun, 01/27/2013 - 23:43

Thanks for the output.  I need you to console into the AP and reboot the AP.  Please post the entire bootup process.

lean Mon, 01/28/2013 - 00:35

I don't know why my console cable does not work for this AP while this console cable works for switch. I tried to search on CCO to find if there is any specific setting to console to AP 3600 but can not find any information ( already tried 9600, 8 databit, no parity, 1 stopbit , no flow control )

Leo Laohoo Mon, 01/28/2013 - 00:46

That's odd.

Based on the serial number the AP was built last week of December 2011.

Could be a batch defect.   You may need to RMA the AP.

lean Mon, 01/28/2013 - 18:41

No, it can join remote controller. We have a WLC in cloud and it can joint remote WLC  which i have no information about this WLC.

Scott Fella Mon, 01/28/2013 - 18:42

I don't get it. I joins another wlc but it doesn't join your vWLC?

Sent from Cisco Technical Support iPhone App

lean Wed, 04/16/2014 - 16:51

yes, me too, I still can not get it join the vWLC

Best Regards,

An

secureboy Wed, 04/16/2014 - 22:43

 

I solved. I have cisco 3602i-e ap points and vwlc 7.4 software. The below link helped me.

http://supertekboy.com/2014/01/13/cisco-lightweight-access-point-will-not-join-to-a-wireless-lan-controller/

secureboy Wed, 04/16/2014 - 03:35

Hi, lean,

 Did you solve your problem. I have same. console output is stopping, ap doesn't join to vWLC.

Scott Fella Sun, 01/27/2013 - 22:50

Lean,

Just to add to what Leo posted...

You also need to look at this link. Since its a vWLC, depending in the image the AP has, it might need to join a WLC first that is on v7.3 before you can join it to a vWLC.

https://supportforums.cisco.com/docs/DOC-26765#Access_Points_Requirement

http://www.cisco.com/en/US/products/ps12723/products_tech_note09186a0080bd2d04.shtml#tshoot

Sent from Cisco Technical Support iPhone App

martyn.rees Sun, 01/27/2013 - 23:24

The software release appears to be up to the correct level, as 15.2(2)JA is the required minimum release level for one of these AP's to join a vWLC.

Have you tried joining it to a physical appliance?

You may need to disable hash validation on the vWLC and then reboot the AP and watch the join process.

"configure certificate ssc hash validation disable"

and then on the AP:

test capwap erase

test capwap restart

lean Sun, 01/27/2013 - 23:46

In GUI of vWLC i already disable hash validation.

On AP i can not type test command:

Vietnam3600#test ? 

% Unrecognized commandVietnam3600#test ? 
% Unrecognized command

Scott Fella Sun, 01/27/2013 - 23:48

Don't do a test? Just enter the full command

Sent from Cisco Technical Support iPhone App

lean Sun, 01/27/2013 - 23:56

The is no such command on my AP:

Vietnam3600#capwap ? 
  ap  lwapp ap commands

Vietnam3600#capwap ap ?
  controller      lwapp primary controller
  dot1x           Configure the dot1x username and password
  ethernet        Configure ethernet parameters like vlan tag id
  hostname        Configure ap hostname
  ip              lwapp ap ip command
  log-server      Configure the syslog server where all LWAPP errors will be logged
  primary-base    Primary Controller
  primed-timer    primed-timer enable/disable
  secondary-base  Secondary Controller
  tertiary-base   Tertiary Controller

Scott Fella Mon, 01/28/2013 - 04:30

What I wanted you to just enter is

test capwap erase
test capwap restart

Just copy the whole command and hit the enter. Some of these commands are hidden and you can't use the ?

Sent from Cisco Technical Support iPhone App

lean Mon, 01/28/2013 - 18:16

I did as you advised, but it said that no such command, here is the output:

Vietnam3600#test capwap erase
              ^
% Invalid input detected at '^' marker.

Vietnam3600#capwap erase
                   ^
% Invalid input detected at '^' marker.

Vietnam3600#
Vietnam3600#test capwap erase
              ^
% Invalid input detected at '^' marker.

Vietnam3600#test capwap restart
              ^
% Invalid input detected at '^' marker.

Vietnam3600#

Scott Fella Mon, 01/28/2013 - 18:30

Try capwap controller IP address

Sent from Cisco Technical Support iPhone App

Leo Laohoo Mon, 01/28/2013 - 18:31

1.  Console into the AP and enter this command:  delete /f /r flash:/ap3g2-k9w8-mx.152-2.JA

2.  Reboot the AP

3.  Post the entire bootup process.

lean Mon, 01/28/2013 - 19:15

I can not enter this command, teh same as test capwap erase:

Vietnam3600#delete /f /r flash:/ap3g2-k9w8-mx.152-2.JA
              ^
% Invalid input detected at '^' marker.

Vietnam3600#

Scott Fella Mon, 01/28/2013 - 19:18

Post the output from the console... boot the ap and start capturing.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

lean Mon, 01/28/2013 - 19:23

Poor me, I feel there is some problem with the console port of this ap. I connected console cable to console port but not thing happen. This cable works fine for switch and router to which this ap connected to.

Scott Fella Mon, 01/28/2013 - 19:27

Well its probobly a bad AP.... I would just RMA that if you can't get to the console. 

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Scott Fella Mon, 01/28/2013 - 19:28

How are you entering these commands..... from telnet or ssh not from the console?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Scott Fella Mon, 01/28/2013 - 19:31

you can't do a config t can you?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Scott Fella Mon, 01/28/2013 - 19:37

Seems like you can't do much. Just RMA the AP and get a new one.

Sent from Cisco Technical Support iPhone App

lean Mon, 01/28/2013 - 19:40

but this ap still works fine. It can join WLC in cloud.

Scott Fella Mon, 01/28/2013 - 19:46

Well I don't know what to tell you. Maybe it's you vWLC. But if you can't do a capwap controller IP address there is nothing you can do. The only thing you have left is to join your vWLC on the same mobility group as the cloud wlc. Then set the primary wlc to the vWLC. There isn't anything else to do. If you can't console, well it's broke toe and I would replace it just because of that.

Sent from Cisco Technical Support iPhone App

lean Mon, 01/28/2013 - 19:52

i can do capwap controller ap ip add, but this does not help, ap still can not join :

Vietnam3600#capwap ap ?
  controller      lwapp primary controller
  dot1x           Configure the dot1x username and password
  ethernet        Configure ethernet parameters like vlan tag id
  hostname        Configure ap hostname
  ip              lwapp ap ip command
  log-server      Configure the syslog server where all LWAPP errors will be logged
  primary-base    Primary Controller
  primed-timer    primed-timer enable/disable
  secondary-base  Secondary Controller
  tertiary-base   Tertiary Controller

Vietnam3600#capwap ap control
Vietnam3600#capwap ap controller ?
  ip  lwapp primary controller ip

Vietnam3600#capwap ap controller ip ?
  address  Configure primary Controller IP address

Vietnam3600#capwap ap controller ip add
Vietnam3600#capwap ap controller ip address ?
  A.B.C.D  Controller IP address

Vietnam3600#capwap ap controller ip address 192.168.45.18
Vietnam3600#

Leo Laohoo Mon, 01/28/2013 - 19:50

How many APs can the vWLC support and how many APs are currently joined to the vWLC?

lean Mon, 01/28/2013 - 19:55

my vWLC has license for 200 AP. This is the first AP. I have another AP 1131, this ap can join vWLC but it does not have client assiociated. I guess because vWLC does not support local mode while my AP 1131 does not support REAP mode.

Leo Laohoo Mon, 01/28/2013 - 20:41

If you have another 3600, try it out.  I have a strange feeling you have a bad AP.

Actions

Login or Register to take actions

This Discussion

Posted January 27, 2013 at 9:22 PM
By lean
Stats:
Replies:34 Avg. Rating:
Views:1115 Votes:1
Shares:0
Tags: No tags.

Discussions Leaderboard